On 13 August 2016, a group named Shadow Brokers released a large number of hacking tools that were targeting specific network devices. These included Cisco, WatchGuard and Fortinet equipment. The leaked files contain exploits, discovery tools, implants and documentation on how to use the tools. Users and organizations that are using the affected products are advised to assess and patch them immediately.

Affected Products and Versions

Currently, the following products and versions are known to be affected:

* These products have reached their End-of-Life (EOL). Cisco will not be releasing any patches or fixes for these devices.

Impact

Several of the leaked tools have been verified to be fully functional and allow a remote attacker to bypass authentication, gain administrative privilege control, and steal sensitive information such as VPN password or cryptographic keys that are cached or stored on vulnerable device. They also allow an attacker to snoop on unencrypted traffic passing through and inject traffic onto the victim’s network. The impact of these tools are severe from security perspective.

Recommendations

Verify that all the affected devices listed in the Affected Products and Versions section are not compromised.

If there are signs of compromise:

Backup the device’s configuration files.

Reinstall a clean version of the device’s firmware and reconfigure the device.

Where upgrades and patches are available, update them to the latest version.